mirror of
https://github.com/wazuh/wazuh-docker.git
synced 2025-12-10 00:38:27 -06:00
Compare commits
4 Commits
ccbb78131b
...
19dda0c176
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
19dda0c176 | ||
|
|
05aece7433 | ||
|
|
fc8262b791 | ||
|
|
9ebecf410e |
13
.github/.goss.yaml
vendored
13
.github/.goss.yaml
vendored
@ -1,11 +1,4 @@
|
||||
file:
|
||||
/etc/filebeat/filebeat.yml:
|
||||
exists: true
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
filetype: file
|
||||
contains: []
|
||||
/var/ossec/bin/wazuh-control:
|
||||
exists: true
|
||||
mode: "0750"
|
||||
@ -49,10 +42,6 @@ file:
|
||||
filetype: file
|
||||
contains: []
|
||||
package:
|
||||
filebeat:
|
||||
installed: true
|
||||
versions:
|
||||
- 7.10.2
|
||||
wazuh-manager:
|
||||
installed: true
|
||||
versions:
|
||||
@ -71,8 +60,6 @@ port:
|
||||
ip:
|
||||
- 0.0.0.0
|
||||
process:
|
||||
filebeat:
|
||||
running: true
|
||||
wazuh-analysisd:
|
||||
running: true
|
||||
wazuh-authd:
|
||||
|
||||
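--- a/.github/multi-node-filebeat-check.sh
+++ b/.github/multi-node-filebeat-check.sh
@@ -1,39 +0,0 @@
-COMMAND_TO_EXECUTE="filebeat test output"
-
-MASTER_CONTAINERS=$(docker ps --format '{{.Names}}' | grep -E 'master')
-
-if [ -z "$MASTER_CONTAINERS" ]; then
-echo "No containers were found with 'master' in their name."
-else
-for MASTER_CONTAINERS in $MASTER_CONTAINERS; do
-FILEBEAT_OUTPUT=$(docker exec "$MASTER_CONTAINERS" $COMMAND_TO_EXECUTE)
-FILEBEAT_STATUS=$(echo "${FILEBEAT_OUTPUT}" | grep -c OK)
-if [[ $FILEBEAT_STATUS -eq 7 ]]; then
-echo "No errors in filebeat"
-echo "${FILEBEAT_OUTPUT}"
-else
-echo "Errors in filebeat"
-echo "${FILEBEAT_OUTPUT}"
-exit 1
-fi
-done
-fi
-
-MASTER_CONTAINERS=$(docker ps --format '{{.Names}}' | grep -E 'worker')
-
-if [ -z "$MASTER_CONTAINERS" ]; then
-echo "No containers were found with 'worker' in their name."
-else
-for MASTER_CONTAINERS in $MASTER_CONTAINERS; do
-FILEBEAT_OUTPUT=$(docker exec "$MASTER_CONTAINERS" $COMMAND_TO_EXECUTE)
-FILEBEAT_STATUS=$(echo "${FILEBEAT_OUTPUT}" | grep -c OK)
-if [[ $FILEBEAT_STATUS -eq 7 ]]; then
-echo "No errors in filebeat"
-echo "${FILEBEAT_OUTPUT}"
-else
-echo "Errors in filebeat"
-echo "${FILEBEAT_OUTPUT}"
-exit 1
-fi
-done
-fi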
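--- a/.github/single-node-filebeat-check.sh
+++ b/.github/single-node-filebeat-check.sh
@@ -1,20 +0,0 @@
-COMMAND_TO_EXECUTE="filebeat test output"
-
-MASTER_CONTAINERS=$(docker ps --format '{{.Names}}' | grep -E 'manager')
-
-if [ -z "$MASTER_CONTAINERS" ]; then
-echo "No containers were found with 'manager' in their name."
-else
-for MASTER_CONTAINERS in $MASTER_CONTAINERS; do
-FILEBEAT_OUTPUT=$(docker exec "$MASTER_CONTAINERS" $COMMAND_TO_EXECUTE)
-FILEBEAT_STATUS=$(echo "${FILEBEAT_OUTPUT}" | grep -c OK)
-if [[ $FILEBEAT_STATUS -eq 7 ]]; then
-echo "No errors in filebeat"
-echo "${FILEBEAT_OUTPUT}"
-else
-echo "Errors in filebeat"
-echo "${FILEBEAT_OUTPUT}"
-exit 1
-fi
-done
-fi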
@ -145,8 +145,8 @@ jobs:
|
||||
wazuh_agent_url_i386_msi: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.i386.msi --expires-in 3600 --region us-west-1)"
|
||||
wazuh_agent_url_intel64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.intel64.pkg --expires-in 3600 --region us-west-1)"
|
||||
wazuh_agent_url_arm64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.arm64.pkg --expires-in 3600 --region us-west-1)"
|
||||
wazuh_certs_tool: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/secondary/installation-assistant/5.0.0/wazuh-certs-tool.sh --expires-in 3600 --region us-west-1)"
|
||||
wazuh_config_yml: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/secondary/installation-assistant/5.0.0/config.yml --expires-in 3600 --region us-west-1)"
|
||||
wazuh_certs_tool: "https://packages-dev.wazuh.com/4.13/wazuh-certs-tool.sh"
|
||||
wazuh_config_yml: "https://packages-dev.wazuh.com/4.13/config.yml"
|
||||
EOF
|
||||
working-directory: ./build-docker-images
|
||||
|
||||
|
||||
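Review bot: The `wazuh_certs_tool` and `wazuh_config_yml` entries point at `https://packages-dev.wazuh.com/4.13/...` while the agent packages just above them are 5.0.0 artifacts from the 5.x S3 path; print order suggests the 4.13 pair is the new side, though the page has lost the +/- markers. If so, the image build takes a shell script from a different release line on a public dev repository, and nothing visible in the hunk checks its integrity before it is used. I would keep the tool on the same 5.x source as the packages, or record an expected SHA-256 next to the URL and verify it after download, and add a comment such as `# temporary: 4.13 certs tool until the 5.x one is published` so the mismatch is not mistaken for intent. The heredoc opens above the hunk, so how these values are consumed is not visible here.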
6
.github/workflows/push.yml
vendored
6
.github/workflows/push.yml
vendored
@ -175,9 +175,6 @@ jobs:
|
||||
env:
|
||||
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
|
||||
|
||||
- name: Check filebeat output
|
||||
run: ./.github/single-node-filebeat-check.sh
|
||||
|
||||
- name: Check Wazuh dashboard service URL
|
||||
run: |
|
||||
status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}')
|
||||
@ -338,9 +335,6 @@ jobs:
|
||||
env:
|
||||
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
|
||||
|
||||
- name: Check filebeat output
|
||||
run: ./.github/multi-node-filebeat-check.sh
|
||||
|
||||
- name: Check Wazuh dashboard service URL
|
||||
run: |
|
||||
status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I | grep -E "^HTTP" | awk '{print $2}')
|
||||
|
||||
@ -24,7 +24,6 @@ $ build-docker-images/build-images.sh -h
|
||||
Usage: build-docker-images/build-images.sh [OPTIONS]
|
||||
|
||||
-d, --dev <ref> [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
|
||||
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4.
|
||||
-r, --revision <rev> [Optional] Package revision. By default 1
|
||||
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
|
||||
-h, --help Show this help.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
|
||||
# This has to be exported to make some magic below work.
|
||||
set -x
|
||||
export DH_OPTIONS
|
||||
|
||||
export NAME=wazuh-dashboard
|
||||
@ -55,3 +56,5 @@ sed -i "s|/etc/wazuh-dashboard|${CONFIG_DIR}|g" ${CONFIG_DIR}/opensearch_dashboa
|
||||
|
||||
chmod -R 500 ${CONFIG_DIR}/certs
|
||||
chmod -R 400 ${CONFIG_DIR}/certs/*
|
||||
|
||||
set +x
|
||||
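Review bot: `set -x` at the top and `set +x` at the end look like the added lines here (the hunk counts grow by one and two), and the same pair appears in the wazuh-indexer script's hunks further down. The trace stays on for the entire script, so every expanded command goes to the image build log, including whatever the unseen middle of the script does with `${CONFIG_DIR}/certs` or any credentials. It also separates the comment `# This has to be exported to make some magic below work.` from the `export DH_OPTIONS` it describes. If the trace is a debugging aid, gate it and place it above that comment, e.g. `if [ -n "${DEBUG:-}" ]; then set -x; fi`. Most of the script lies between the two hunks and is not shown, so whether secrets are actually handled there needs checking.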
@ -7,7 +7,7 @@ api_username="${API_USERNAME:-wazuh-wui}"
|
||||
api_password="${API_PASSWORD:-wazuh-wui}"
|
||||
api_run_as="${RUN_AS:-false}"
|
||||
|
||||
dashboard_config_file="/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml"
|
||||
dashboard_config_file="/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml"
|
||||
|
||||
declare -A CONFIG_MAP=(
|
||||
[pattern]=$PATTERN
|
||||
@ -32,13 +32,13 @@ do
|
||||
fi
|
||||
done
|
||||
|
||||
grep -q 1513629884013 $dashboard_config_file
|
||||
grep -q default $dashboard_config_file
|
||||
_config_exists=$?
|
||||
|
||||
if [[ $_config_exists -ne 0 ]]; then
|
||||
cat << EOF >> $dashboard_config_file
|
||||
hosts:
|
||||
- 1513629884013:
|
||||
wazuh_core.hosts:
|
||||
default:
|
||||
url: $wazuh_url
|
||||
port: $wazuh_port
|
||||
username: $api_username
|
||||
|
||||
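Review bot: `grep -q default $dashboard_config_file` is too loose a guard if the target is now `opensearch_dashboards.yml`: any line containing the word `default` (a `defaultRoute` setting, a comment) sets `_config_exists` to zero, and the `wazuh_core.hosts` block is then never appended. The previous check matched the unique host id `1513629884013`; the new one should match the key the script writes, e.g. `grep -q '^wazuh_core.hosts:' "$dashboard_config_file"`. The heredoc also writes `username: $api_username` (and presumably the password, below the hunk) into the main dashboard config, and `api_password` still falls back to `wazuh-wui`, so the file's permissions and that default deserve a look. The heredoc body continues outside the hunk, and which line of each pair is new is inferred from print order.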
@ -1,5 +1,6 @@
|
||||
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
|
||||
# This has to be exported to make some magic below work.
|
||||
set -x
|
||||
export DH_OPTIONS
|
||||
|
||||
export NAME=wazuh-indexer
|
||||
@ -64,3 +65,5 @@ sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-perfo
|
||||
chown -R ${USER}:${GROUP} ${CONFIG_DIR}
|
||||
chmod -R 500 ${CONFIG_DIR}/certs
|
||||
chmod -R 400 ${CONFIG_DIR}/certs/*
|
||||
|
||||
set +x
|
||||
@ -4,7 +4,7 @@
|
||||
# Variables for certificate generation
|
||||
CERT_TOOL="wazuh-certs-tool.sh"
|
||||
CERT_CONFIG_FILE="config.yml"
|
||||
CERT_DIR=/etc/filebeat/certs
|
||||
CERT_DIR=/etc/wazuh/certs
|
||||
download_package() {
|
||||
local url=$1
|
||||
local package=$2
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
|
||||
In this repository you will find the containers to run:
|
||||
|
||||
* Wazuh manager: it runs the Wazuh manager, Wazuh API and Filebeat OSS
|
||||
* Wazuh manager: it runs the Wazuh manager, and Wazuh API
|
||||
* Wazuh dashboard: provides a web user interface to browse through alert data and allows you to visualize the agents configuration and status.
|
||||
* Wazuh indexer: Wazuh indexer container (working as a single-node cluster or as a multi-node cluster). **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).**
|
||||
* Wazuh agent: This container contains the Wazuh agent services. Current functionality is limited.
|
||||
@ -70,16 +70,14 @@ The folder `wazuh-agent` contains a README explaining how to run a container wit
|
||||
│ │ ├── etc
|
||||
│ │ │ ├── cont-init.d
|
||||
│ │ │ │ ├── 0-wazuh-init
|
||||
│ │ │ │ ├── 1-config-filebeat
|
||||
│ │ │ │ ├── 1-config-
|
||||
│ │ │ │ └── 2-manager
|
||||
│ │ │ └── services.d
|
||||
│ │ │ ├── filebeat
|
||||
│ │ │ ├──
|
||||
│ │ │ │ ├── finish
|
||||
│ │ │ │ └── run
|
||||
│ │ │ └── ossec-logs
|
||||
│ │ │ └── run
|
||||
│ │ ├── filebeat_module.sh
|
||||
│ │ ├── filebeat.yml
|
||||
│ │ ├── permanent_data.env
|
||||
│ │ └── permanent_data.sh
|
||||
│ └── Dockerfile
|
||||
|
||||
@ -97,15 +97,15 @@ docker volume create \
|
||||
docker volume create \
|
||||
--label com.docker.compose.project=multi-node \
|
||||
--label com.docker.compose.version=1.25.0 \
|
||||
--label com.docker.compose.volume=master-filebeat-etc \
|
||||
multi-node_master-filebeat-etc
|
||||
--label com.docker.compose.volume=master-wazuh-etc \
|
||||
multi-node_master-wazuh-etc
|
||||
```
|
||||
```
|
||||
docker volume create \
|
||||
--label com.docker.compose.project=multi-node \
|
||||
--label com.docker.compose.version=1.25.0 \
|
||||
--label com.docker.compose.volume=master-filebeat-var \
|
||||
multi-node_master-filebeat-var
|
||||
--label com.docker.compose.volume=master-wazuh-var \
|
||||
multi-node_master-wazuh-var
|
||||
```
|
||||
```
|
||||
docker volume create \
|
||||
@ -160,15 +160,15 @@ docker volume create \
|
||||
docker volume create \
|
||||
--label com.docker.compose.project=multi-node \
|
||||
--label com.docker.compose.version=1.25.0 \
|
||||
--label com.docker.compose.volume=worker-filebeat-etc \
|
||||
multi-node_worker-filebeat-etc
|
||||
--label com.docker.compose.volume=worker-wazuh-etc \
|
||||
multi-node_worker-wazuh-etc
|
||||
```
|
||||
```
|
||||
docker volume create \
|
||||
--label com.docker.compose.project=multi-node \
|
||||
--label com.docker.compose.version=1.25.0 \
|
||||
--label com.docker.compose.volume=worker-filebeat-var \
|
||||
multi-node_worker-filebeat-var
|
||||
--label com.docker.compose.volume=worker-wazuh-var \
|
||||
multi-node_worker-wazuh-var
|
||||
```
|
||||
**6. Copy the volume content from elasticsearch to Wazuh indexer volumes and old Wazuh manager content to new volumes.**
|
||||
```
|
||||
@ -233,14 +233,14 @@ docker container run --rm -it \
|
||||
```
|
||||
```
|
||||
docker container run --rm -it \
|
||||
-v wazuh-docker_filebeat-etc:/from \
|
||||
-v multi-node_master-filebeat-etc:/to \
|
||||
-v wazuh-docker-etc:/from \
|
||||
-v multi-node_master-etc:/to \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
```
|
||||
```
|
||||
docker container run --rm -it \
|
||||
-v wazuh-docker_filebeat-var:/from \
|
||||
-v multi-node_master-filebeat-var:/to \
|
||||
-v wazuh-docker-var:/from \
|
||||
-v multi-node_master-wazuh-var:/to \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
```
|
||||
```
|
||||
@ -287,14 +287,14 @@ docker container run --rm -it \
|
||||
```
|
||||
```
|
||||
docker container run --rm -it \
|
||||
-v wazuh-docker_worker-filebeat-etc:/from \
|
||||
-v multi-node_worker-filebeat-etc:/to \
|
||||
-v wazuh-docker_worker-etc:/from \
|
||||
-v multi-node_worker-wazuh-etc:/to \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
```
|
||||
```
|
||||
docker container run --rm -it \
|
||||
-v wazuh-docker_worker-filebeat-var:/from \
|
||||
-v multi-node_worker-filebeat-var:/to \
|
||||
-v wazuh-docker_worker-var:/from \
|
||||
-v multi-node_worker-wazuh-var:/to \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
```
|
||||
|
||||
|
||||
@ -34,8 +34,8 @@ services:
|
||||
- master-wazuh-active-response:/var/ossec/active-response/bin
|
||||
- master-wazuh-wodles:/var/ossec/wodles
|
||||
- ./wazuh-certificates/root-ca.pem:/etc/ssl/root-ca.pem
|
||||
- ./wazuh-certificates/wazuh.master.pem:/etc/ssl/filebeat.pem
|
||||
- ./wazuh-certificates/wazuh.master-key.pem:/etc/ssl/filebeat.key
|
||||
- ./wazuh-certificates/wazuh.master.pem:/etc/ssl/wazuh.master.pem
|
||||
- ./wazuh-certificates/wazuh.master-key.pem:/etc/ssl/wazuh.master.key
|
||||
wazuh.worker:
|
||||
image: wazuh/wazuh-manager:5.0.0
|
||||
hostname: wazuh.worker
|
||||
@ -65,9 +65,9 @@ services:
|
||||
- worker-wazuh-var-multigroups:/var/ossec/var/multigroups
|
||||
- worker-wazuh-active-response:/var/ossec/active-response/bin
|
||||
- worker-wazuh-wodles:/var/ossec/wodles
|
||||
- ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem
|
||||
- ./wazuh-certificates/wazuh.worker.pem:/etc/filebeat/certs/filebeat.pem
|
||||
- ./wazuh-certificates/wazuh.worker-key.pem:/etc/filebeat/certs/filebeat-key.pem
|
||||
- ./wazuh-certificates/root-ca.pem:/etc/wazuh/certs/root-ca.pem
|
||||
- ./wazuh-certificates/wazuh.worker.pem:/etc/wazuh/certs/wazuh.worker.pem
|
||||
- ./wazuh-certificates/wazuh.worker-key.pem:/etc/wazuh/certs/wazuh.worker.key
|
||||
|
||||
wazuh1.indexer:
|
||||
image: wazuh/wazuh-indexer:5.0.0
|
||||
|
||||
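Review bot: The certificate mounts end up in three different layouts: the master gets `/etc/ssl/wazuh.master.pem` and `/etc/ssl/wazuh.master.key`, the worker `/etc/wazuh/certs/wazuh.worker.key`, and the single-node compose hunk at the end of this page `/etc/wazuh/certs/wazuh.manager-key.pem`, while the build script on this page sets `CERT_DIR=/etc/wazuh/certs`. Unless the consumer of these files is configured per node, the master is likely to look in the wrong directory, so I would mount all of them under `/etc/wazuh/certs` with one key-file suffix. The private keys are also bind-mounted read-write; if the entrypoint does not need to change them, append `:ro`, e.g. `- ./wazuh-certificates/wazuh.worker-key.pem:/etc/wazuh/certs/wazuh.worker.key:ro`, so a compromised container cannot alter host key material. Which line of each pair is new is inferred from print order.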
@ -61,14 +61,14 @@ docker volume create \
|
||||
docker volume create \
|
||||
--label com.docker.compose.project=$2 \
|
||||
--label com.docker.compose.version=$1 \
|
||||
--label com.docker.compose.volume=master-filebeat-etc \
|
||||
$2_master-filebeat-etc
|
||||
--label com.docker.compose.volume=master-wazuh-etc \
|
||||
$2_master-wazuh-etc
|
||||
|
||||
docker volume create \
|
||||
--label com.docker.compose.project=$2 \
|
||||
--label com.docker.compose.version=$1 \
|
||||
--label com.docker.compose.volume=master-filebeat-var \
|
||||
$2_master-filebeat-var
|
||||
--label com.docker.compose.volume=master-wazuh-var \
|
||||
$2_master-wazuh-var
|
||||
|
||||
docker volume create \
|
||||
--label com.docker.compose.project=$2 \
|
||||
@ -115,18 +115,18 @@ docker volume create \
|
||||
docker volume create \
|
||||
--label com.docker.compose.project=$2 \
|
||||
--label com.docker.compose.version=$1 \
|
||||
--label com.docker.compose.volume=worker-filebeat-etc \
|
||||
$2_worker-filebeat-etc
|
||||
--label com.docker.compose.volume=worker-wazuh-etc \
|
||||
$2_worker-wazuh-etc
|
||||
|
||||
docker volume create \
|
||||
--label com.docker.compose.project=$2 \
|
||||
--label com.docker.compose.version=$1 \
|
||||
--label com.docker.compose.volume=worker-filebeat-var \
|
||||
$2_worker-filebeat-var
|
||||
--label com.docker.compose.volume=worker-wazuh-var \
|
||||
$2_worker-wazuh-var
|
||||
|
||||
docker container run --rm -it \
|
||||
-v wazuh-docker_worker-filebeat-var:/from \
|
||||
-v $2_worker-filebeat-var:/to \
|
||||
-v wazuh-docker_worker-var:/from \
|
||||
-v $2_worker-wazuh-var:/to \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
|
||||
docker container run --rm -it \
|
||||
@ -180,13 +180,13 @@ docker container run --rm -it \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
|
||||
docker container run --rm -it \
|
||||
-v wazuh-docker_filebeat-etc:/from \
|
||||
-v $2_master-filebeat-etc:/to \
|
||||
-v wazuh-docker-etc:/from \
|
||||
-v $2_master-wazuh-etc:/to \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
|
||||
docker container run --rm -it \
|
||||
-v wazuh-docker_filebeat-var:/from \
|
||||
-v $2_master-filebeat-var:/to \
|
||||
-v wazuh-docker-var:/from \
|
||||
-v $2_master-wazuh-var:/to \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
|
||||
docker container run --rm -it \
|
||||
@ -225,11 +225,11 @@ docker container run --rm -it \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
|
||||
docker container run --rm -it \
|
||||
-v wazuh-docker_worker-filebeat-etc:/from \
|
||||
-v $2_worker-filebeat-etc:/to \
|
||||
-v wazuh-docker_worker-etc:/from \
|
||||
-v $2_worker-wazuh-etc:/to \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
|
||||
docker container run --rm -it \
|
||||
-v wazuh-docker_worker-filebeat-var:/from \
|
||||
-v $2_worker-filebeat-var:/to \
|
||||
-v wazuh-docker_worker-var:/from \
|
||||
-v $2_worker-wazuh-var:/to \
|
||||
alpine ash -c "cd /from ; cp -avp . /to"
|
||||
|
||||
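Review bot: The `/from` volume names were renamed along with the `/to` names, but `/from` refers to volumes of the existing deployment, which carry the filebeat names (`wazuh-docker_filebeat-etc`, `wazuh-docker_worker-filebeat-var`, and so on). `docker container run -v name:/from` creates an empty named volume when `name` does not exist, so with `-v wazuh-docker-etc:/from` or `-v wazuh-docker_worker-var:/from` the `cp -avp . /to` step would copy nothing and still exit 0. `wazuh-docker-etc` and `wazuh-docker-var` have also lost the `_` that separates the compose project prefix from the volume name. I would leave the source names untouched or, if the filebeat data is no longer migrated, drop these copy steps instead of renaming them. This assumes the first line of each pair is the old side, since the page has lost the +/- markers.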
@ -32,9 +32,9 @@ services:
|
||||
- wazuh_var_multigroups:/var/ossec/var/multigroups
|
||||
- wazuh_active_response:/var/ossec/active-response/bin
|
||||
- wazuh_wodles:/var/ossec/wodles
|
||||
- ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem
|
||||
- ./wazuh-certificates/wazuh.manager.pem:/etc/filebeat/certs/filebeat.pem
|
||||
- ./wazuh-certificates/wazuh.manager-key.pem:/etc/filebeat/certs/filebeat-key.pem
|
||||
- ./wazuh-certificates/root-ca.pem:/etc/wazuh/certs/root-ca.pem
|
||||
- ./wazuh-certificates/wazuh.manager.pem:/etc/wazuh/certs/wazuh.manager.pem
|
||||
- ./wazuh-certificates/wazuh.manager-key.pem:/etc/wazuh/certs/wazuh.manager-key.pem
|
||||
|
||||
wazuh.indexer:
|
||||
image: wazuh/wazuh-indexer:5.0.0
|
||||
|
||||